You are on page 1of 7

REPUBLIC 10175 Cyber Crime prevention Act of the Philippines

AN ACT DEFINING CYBERCRIME, PROVIDING FOR THE PREVENTION,


INVESTIGATION, SUPPRESSION AND THE IMPOSITION OF PENALTIES
THEREFOR AND FOR OTHER PURPOSES

JOSE MARIE EUGENE E. JAMBONGANA JD-2


AGNES SURMIEDA

Penalizes (section 8) sixteen types of cybercrime (Section 4) are


the following:

Types of Cybercrime Penalty


Prision mayor (imprisonment of six years and 1 day up to
12 years) or a fine of at least Two hundred thousand
pesos (P200,000) up to a maximum amount
1. Illegal access commensurate to the damage incurred or BOTH.————
————If committed against critical
Unauthorized access (without right) to a computer infrastructure:Reclusion temporal (imprisonment for
system or application. twelve years and one day up to twenty years) or a fine of
at least Five hundred thousand pesos (P500,000) up to a
maximum amount commensurate to the damage
incurred or BOTH

2. Illegal interception

Unauthorized interception of any non-public – The same as above


transmission of computer data to, from, or within a
computer system.

3. Data Interference

Unauthorized alteration, damaging, deletion or


deterioration of computer data, electronic document,
or electronic data message, and including the – The same as above
introduction or transmission of viruses. Authorized
action can also be covered by this provision if the action
of the person went beyond agreed scope resulting to
damages stated in this provision.

4. System Interference

Unauthorized hindering or interference with the


functioning of a computer or computer network by
inputting, transmitting, damaging, deleting,
deteriorating, altering or suppressing computer data or – The same as above
program, electronic document, or electronic data
messages, and including the introduction or
transmission of viruses. Authorized action can also be
covered by this provision if the action of the person
went beyond agreed scope resulting to damages stated
in this provision.
5. Misuse of devices

The unauthorized use, possession, production, sale,


procurement, importation, distribution, or otherwise
making available, of devices, computer program
designed or adapted for the purpose of committing any – The same as above except fine should be no more than
of the offenses stated in Republic Act Five hundred thousand pesos (P500,000).
10175.Unauthorized use of computer password, access
code, or similar data by which the whole or any part of
a computer system is capable of being accessed with
intent that it be used for the purpose of committing any
of the offenses under Republic Act 10175.

6. Cyber-squatting

Acquisition of domain name over the Internet in bad


faith to profit, mislead, destroy reputation, and deprive
others from the registering the same. This includes
those existing trademark at the time of registration;
names of persons other than the registrant; and
acquired with intellectual property interests in it. Those – The same as above
who get domain names of prominent brands and
individuals which in turn is used to damage their
reputation – can be sued under this provision. Note that
freedom of expression and infringement on trademarks
or names of person are usually treated separately. A
party can exercise freedom of expression without
necessarily violating the trademarks of a brand or names
of persons.

7. Computer-related Forgery

Unauthorized input, alteration, or deletion of computer


data resulting to inauthentic data with the intent that it Prision mayor (imprisonment of six years and 1 day up to
be considered or acted upon for legal purposes as if it 12 years) or a fine of at least Two hundred thousand pesos
were authentic, regardless whether or not the data is (P200,000) up to a maximum amount commensurate to
directly readable and intelligible; or the act of knowingly the damage incurred or BOTH.
using computer data which is the product of computer-
related forgery as defined here, for the purpose of
perpetuating a fraudulent or dishonest design.

8. Computer-related Fraud

– The same as above provided, That if no damage has yet


Unauthorized input, alteration, or deletion of computer been caused, the penalty imposed shall be one (1) degree
data or program or interference in the functioning of a lower.
computer system, causing damage thereby with
fraudulent intent.

9. Computer-related Identity Theft


– the same as above
Unauthorized acquisition, use, misuse, transfer,
possession, alteration or deletion of identifying
information belonging to another, whether natural or
juridical.

10. Cybersex

Willful engagement, maintenance, control, or operation,


directly or indirectly, of any lascivious exhibition of sexual
organs or sexual activity, with the aid of a computer Prision mayor (imprisonment of six years and 1 day up to
system, for favor or consideration. There is a discussion 12 years) or a fine of at least Two hundred thousand
on this matter if it involves “couples” or “people in pesos (P200,000) but not exceeding One million pesos
relationship” who engage in cybersex. For as long it is not (P1,000,000) or BOTH.
done for favor or consideration, I don’t think it will be
covered. However, if one party (in a couple or
relationship) sues claiming to be forced to do cybersex,
then it can be covered.

11. Child Pornography


Penalty to be imposed shall be one (1) degree higher than
Unlawful or prohibited acts defined and punishable that provided for in Republic Act 9775, if committed
by Republic Act No. 9775 or the Anti-Child Pornography through a computer system.
Act of 2009, committed through a computer system.

* Unsolicited Commercial*
Communications (SPAMMING)
THIS PROVISION WAS STRUCK DOWN BY THE SUPREME
COURT AS UNCONSTITUTIONAL.

12. Libel

Unlawful or prohibited acts of libel as defined in Article


355 of the Revised Penal Code, as amended committed
through a computer system or any other similar means
which may be devised in the future. Revised Penal Code
Art. 355 states Libel means by writings or similar means.
— A libel committed by means of writing, printing,
lithography, engraving, radio, phonograph, painting,
theatrical exhibition, cinematographic exhibition, or any
similar means, shall be punished by prision correccional
Penalty to be imposed shall be one (1) degree higher than
in its minimum and medium periods or a fine ranging
that provided for by the Revised Penal Code, as amended,
from 200 to 6,000 pesos, or both, in addition to the civil
and special laws, as the case may be.
action which may be brought by the offended party. The
Cybercrime Prevention Act strengthened libel in terms of
penalty provisions.

The electronic counterpart of libel has been recognized


since the year 2000 when the E-Commerce Law was
passed. The E-Commerce Law empowered all existing
laws to recognize its electronic counterpart whether
commercial or not in nature.

13. Aiding or Abetting in the commission of Imprisonment of one (1) degree lower than that of the
cybercrime prescribed penalty for the offense or a fine of at least One
Any person who willfully abets or aids in the commission hundred thousand pesos (P100,000) but not exceeding
of any of the offenses enumerated in this Act shall be Five hundred thousand pesos (P500,000) or both.
held liable.

14. Attempt in the commission of cybercrime


Any person who willfully attempts to commit any of the – The same as above
offenses enumerated in this Act shall be held liable.

15. All crimes defined and penalized by the Revised


Penal Code, as amended, and special laws, if committed Penalty to be imposed shall be one (1) degree higher than
by, through and with the use of information and that provided for by the Revised Penal Code, as amended,
communications technologies shall be covered by the and special laws, as the case may be.
relevant provisions of this Act.

Although not exactly a cybercrime, I am including this here as


penalties are also imposed by the law.

16. Corporate Liability. (Section 9)

When any of the punishable acts herein defined are


knowingly committed on behalf of or for the benefit of a
juridical person, by a natural person acting either For sanctioned actions, Juridical person shall be held
individually or as part of an organ of the juridical person, liable for a fine equivalent to at least double the fines
who has a leading position within, based on:(a) a power imposable in Section 7 up to a maximum of Ten million
of representation of the juridical person provided the act pesos (P10,000,000).For neglect such as misuse of
committed falls within the scope of such authority;(b) an computer resources that resulted to cybercrime
authority to take decisions on behalf of the juridical committed in organization physical or virtual premises or
person. Provided, That the act committed falls within the resources, juridical person shall be held liable for a fine
scope of such authority; or(c) an authority to exercise equivalent to at least double the fines imposable in Section
control within the juridical person, It also includes 7 up to a maximum of Five million pesos
commission of any of the punishable acts made possible (P5,000,000).Criminal liability may still apply to the natural
due to the lack of supervision or control. person.

2. Liability on other laws

Section 7 was struck down by Supreme Court as it violated the provision


on double jeopardy.

3. Jurisdiction

(a) The Regional Trial Court designated special cybercrime


courts shall have jurisdiction over any violation of the provisions
of this Act including any violation committed by a Filipino national
regardless of the place of commission. Jurisdiction shall lie if any
of the elements was committed within the Philippines or committed
with the use of any computer system wholly or partly situation in
the country, or when by such commission any damage is caused to a
natural or juridical person who, at the time the offense was
committed, was in the Philippines. (Section 21)

(b) For international and trans-national cybercrime investigation


and prosecution, all relevant international instruments on
international cooperation in criminal matters, arrangements agreed
on the basis of uniform or reciprocal legislation, and domestic
laws, to the widest extent possible for the purposes of
investigations or proceedings concerning criminal offenses related
to computer systems and data, or for the collection of evidence in
electronic form of a criminal offense shall be given full force and
effect. (Section 21)

This gives the Philippines the ability to participate in treaties and of


mutual cooperation with countries that have counterpart legislation
effectively – especially – on cybercrime cases that have team members or
victims residing in the Philippines.

4. Responsibilities of the Philippine National Police (PNP) and


National Bureau of Investigation (NBI)

The law gave police authorities the mandate it needs to


initiate investigation to process the various complaints / report
it gets from citizens. There are instances of online attacks, done
anonymously, where victims approach police authorities for help.
They often find themselves lost in getting investigation assistance
as police authorities can’t effectively initiate an investigation
(only do special request) – as their legal authority to request for
logs or data does not exist at all unless a case is already filed.
(Which in case of anonymously done – will be hard to initiate)

The PNP and NBI shall be responsible for the enforcement of this
law. This includes:

(a) The PNP and NBI are mandated to organize a cybercrime unit or
center manned by special investigators to exclusively handle cases
involving violations of this Act. (Section 10).

(b) The PNP and NBI are required to submit timely and regular reports
including pre-operation, post operation, and investigation results
and such other documents as may be required to the Department of
Justice for review and monitoring. (Section 11)

(c) THE SUPREME COURT STRUCK DOWN SECTION 12 THAT IS SUPPOSED TO authorize
law enforcement authorities, without court warrant, to collect or record
by technical or electronic means traffic data in real time associated with
specified communications transmitted by means of a computer system.
(Section 12) Getting a COURT WARRANT is a must.

(d) May order a one-time extension of another six (6) months on


computer data requested for preservation. Provided, that once
computer data preserved, transmitted or stored by service provider
is used as evidence in a case, the mere furnishing to such service
provider of the transmittal document to the Office of the Prosecutor
shall be deemed a notification to preserve the computer data until
the termination of the case. (Section 13)

(e) Carry out search and seizure warrants on computer data. (Section
15) Once done, turn-over custody in a sealed manner to courts within
48 hours (section 16) unless extension for no more than 30 days was
given by the courts (section 15).

(f) Upon expiration of time required to preserve data, police


authorities shall immediately and completely destroy the computer
data subject of a preservation and examination. (Section 17)

5. Responsibility of service providers (SP)

Service provider refers any public or private entity that provides


to users of its service the ability to communicate by means of a
computer system, and processes or stores computer data on behalf of
such communication service or users of such service. (Section 3(n).
(a) SP upon receipt of a court warrant from police authorities to
disclose or submit subscriber’s information, traffic data or
relevant data in its possession or control shall comply within
seventy-two (72) hours from receipt of the order in relation to a
valid complaint officially docketed and assigned for investigation
and the disclosure is necessary and relevant for the purpose of
investigation. (Section 14)

(b) The integrity of traffic data and subscriber information


relating to communication services provided by a service provider
shall be preserved for a minimum of six (6) months period from the
date of the transaction. Content data shall be similarly preserved
for six (6) months from the date of receipt of the order from law
enforcement authorities requiring its preservation. (Section 13)

(c) Once computer data preserved, transmitted or stored by service


provider is used as evidence in a case, the mere furnishing to such
service provider of the transmittal document to the Office of the
Prosecutor shall be deemed a notification to preserve the computer
data until the termination of the case. (Section 13)

(d) Upon expiration of time required to preserve data, SP shall


immediately and completely destroy the computer data subject of a
preservation and examination. (Section 17)

(e) Failure to comply with the provisions of Chapter IV specifically


the orders from law enforcement authorities shall be punished as a
violation of Presidential Decree No. 1829 with imprisonment of
prision correccional in its maximum period or a fine of One hundred
thousand pesos (P100,000) or both for each and every non-compliance
with an order issued by law enforcement authorities.

Service Provider protection insofar as liability is concerned, it


is already covered under the E-Commerce Law.

6. Responsibility of individuals

(a) Individuals upon receipt of a court warrant being required to


disclose or submit subscriber’s information, traffic data or
relevant data in his possession or control shall comply within
seventy-two (72) hours from receipt of the order in relation to a
valid complaint officially docketed and assigned for investigation
and the disclosure is necessary and relevant for the purpose of
investigation.

(b) Failure to comply with the provisions of Chapter IV specifically


the orders from law enforcement authorities shall be punished as a
violation of Presidential Decree No. 1829 with imprisonment of
prision correccional in its maximum period or a fine of One hundred
thousand pesos (P100,000) or both for each and every non-compliance
with an order issued by law enforcement authorities.

7. Inadmissible evidence

(a) Any evidence procured without a valid warrant or beyond the


authority of the same shall be inadmissible for any proceeding before
any court or tribunal. (Section 18)

8. Access limitation

The Supreme Court struck down Section 19 of the law that gives the
Department of Justice powers to order the blocking of access to a site
provided there is prima facie evidence supporting it.
9. Cybercrime new authorities

(a) Office of Cybercrime within the DOJ designated as the


central authority in all matters relating to international mutual
assistance and extradition. (Section 23)

(b) Cybercrime Investigation and Coordinating Center (CICC) an


inter-agency body to be created under the administrative supervision
of the Office of the President, for policy coordination among
concerned agencies and for the formulation and enforcement of the
national cybersecurity plan. (Section 24)

CICC will be headed by the Executive Director of the


Information and Communications Technology Office under the
Department of Science and Technology as Chairperson with the
Director of the NBI as Vice Chairperson; the Chief of the PNP, Head
of the DOJ Office of Cybercrime; and one (1) representative from the
private sector and academe, as members. (Section 25)

The CICC is the cybercrime czar tasked to ensure this law is


effectively implemented. (Section 26).